CVE-2025-8060

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-8060
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md
https://vuldb.com/?ctiid.317317
https://vuldb.com/?id.317317
https://vuldb.com/?submit.619604
https://www.tenda.com.cn/
https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md
Configurations

No configuration.

History

23 Jul 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad en Tenda AC23 16.03.07.52, clasificada como crítica. Esta vulnerabilidad afecta a la función sub_46C940 del archivo /goform/setMacFilterCfg del componente httpd. La manipulación del argumento deviceList provoca un desbordamiento del búfer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md - () https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md -

23 Jul 2025, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-23 02:15

Updated : 2025-07-23 16:15

NVD link : CVE-2025-8060

Mitre link : CVE-2025-8060

CVE.ORG link : CVE-2025-8060

JSON object : View

Products Affected

No product.

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow